The Deep End | Paul Venezia » September 2006

September 30, 2006 | Comments: (0)

A prayer for my modem

So after years of diligent service for several masters, my sister's iBook G3 800 finally died. It was quick and painful. I ordered her a new MacBook with a 100GB disk and 1GB of RAM, and it became the first x86 Mac I've used to date (I'm rather stodgy that way sometimes, and am waiting for the Merom upgrades to the MacBook Pro line). Aesthetically, this MacBook is quite charming, and certainly fast. However, after booting it up past the initial setup, software update ran... and required 664.5MB in updates to be downloaded. This included everything from a few small security fixes to the iLife updates, Java, and the 10.4.8 update (300MB all by itself).

Luckily, I have a 10Mb connection, and I routinely get 1.2MB/s from Apple, so the updates are flying down as I type this, but God help you if you're on dialup. That's just under 28 hours with a solid 56k connection.

Posted by Paul Venezia on September 30, 2006 03:35 PM


September 30, 2006 | Comments: (0)

Rebuilding The State

See? It's what plenty of folks have been saying all along... at least when it comes to entertainment, the viewer does actually know what they want.

I just downloaded the entire first season of The State, the hysterical sketch comedy show that originally aired on MTV in the early nineties. Browsing through the iTunes TV Show listings, I almost swallowed my teeth when I saw the show offered, and immediately spent the $10 to download the first season. I just finished watching the first three episodes from my iPod plugged into my TV.

Just as the networks have discovered that canceled shows have another life as DVD compilations, they're starting to see the market for these shows on iTunes. Big surprise. What they're still missing is that canceling these shows in the first place is a bad idea (see Arrested Development).

It's stunning to me that perusing the offerings in the iTunes store will show current television shows side-by-side with a 12-year-old series. When The State was originally broadcast, the Internet was still the playground of academia, and a 33.6 modem link was the only way to connect from anywhere else. Of course, Beavis and Butthead is also available now as well. The difference is that The State hasn't been broadcast in any form whatsoever in at least a decade.

According to MTV, offering this show on iTunes is a way to test the market for older material. My prediction is that you'll suddenly see much more older content up on iTunes. This doesn't necessarily mean it's any good, but the costs of offering it in this format are nearly nothing -- no DVDs to press, no cases to manufacture -- simply a one-time remastering of the material. What a shocking idea.

The only thing that can move this market is money. Suing their own customers hasn't gotten the RIAA and MPAA anywhere, but maybe they're starting to come around now. Too bad that they've already blown it. Just as professional-quality home studios are a reality, high-quality small budget film productions are a reality (see Primer), and the distribution methods are becoming just as cheap as well. If we continue to see painfully bad major-label movies, television shows, and music pushed down our throats, the consumer will go elsewhere -- no matter where that might be. Based on the popularity of videoblogging, if Apple were to start offering a platform for paid distribution of independent television shows and movies, priced far below the cost of buying the Hollywood offerings, I bet they'd create a whole new market.

On the music side of things though, I will not buy music from iTunes. If I can't play it on the format I want, it's worth nothing to me. My Sonos system can't play iTunes files, and that's what runs all the music in the house. Immediate hard stop. Since there are very few competing video devices on the market today, the video side is different, for now. Then again, the iTV is ready for takeoff, and you can bet I'll be on that flight.

Posted by Paul Venezia on September 30, 2006 10:05 AM


September 06, 2006 | Comments: (0)

A (late) look at FreeBSD 6.1

Although I've run BSD-based production servers for 15 years or so, I find that I tend to get rusty since they basically just sit there doing their thing until there's a hardware failure. Being the proactive fellow that I am, I tend to fire hardware before it can quit, so I decided to take the weekend and build a FreeBSD 6.1-RELEASE server to replace one that had been running 4.9-RELEASE for years.

This server does just about everything, from handling a massive mail volume and the associated filters and virus scanning duties, to mailing lists served via mailman, to hosting over 80 domains for DNS, mail and Web hosting. This upgrade would be major indeed, upgrading to PHP5, MySQL5, Apache 2.0, and on and on. Also, the disks in this server are standard ATA/133 PATA drives using software RAID. What follows are brief notes on my migration, some FreeBSD basics, and things I wish I'd known at the time.

Installation

Boot from the bootonly ISO, standard install, construct your partitions on one of the drives (ad0), set the MBR, basically all the defaults, and select the Developer package set. Let the installer do its thing, but don't bother installing any specific ports yet. When it's all over, set up a local user, root password, timezone, and the like. Then, before rebooting, configure the RAID.

RAID1 with gmirror

Before rebooting the box, type Alt-F4 and get to a shell. Type

sysctl kern.geom.debugflags=16

to remove the mount checks, and then

gmirror label -v -b round-robin gm0 /dev/ad0

will set the mirror up on ad0. Now,

echo 'geom_mirror_load="YES"' >> /boot/loader.conf

to instruct the bootloader to head for the mirror, and now, edit /etc/fstab, replacing "/dev/ad0" with "/dev/mirror/gm0" to mount the RAID device instead of the raw device on boot. If all is well, reboot. Following the initial boot, assume root and enter

gmirror insert gm0 /dev/ad2

which will make /dev/ad2 part of the gm0 mirror.

gmirror status will show you the resync status and tell you when the array has completed the rebuild. Also, gstat will show you how hard the mirror's working, and which disks are in use, measured in usecs.
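A mistake in the fstab or loader.conf step leaves the box unable to mount root, so it is worth checking both files before the reboot. The script below is an added example, not part of the original post: it rewrites a copy of fstab and verifies the result, using a constructed fstab in a temporary directory; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post); the fstab below is constructed.

# Point every fstab entry on raw disk $1 (e.g. ad0) at mirror $2 (e.g. mirror/gm0).
rewrite_fstab() {
    awk -v raw="/dev/$1" -v mir="/dev/$2" '
        /^[ \t]*#/ { print; next }          # leave comments alone
        {
            n = length(raw)
            # Match the disk or its slices (ad0s1a), never ad01 or acd0.
            if (substr($1, 1, n) == raw && substr($1, n + 1, 1) !~ /[0-9]/) {
                i = index($0, raw)
                $0 = substr($0, 1, i - 1) mir substr($0, i + n)
            }
            print
        }'
}

# Succeed only if fstab $1 has no entry left on raw disk $3 and
# loader.conf $2 loads geom_mirror; otherwise say what is missing.
check_ready() {
    if grep -Eq "^[[:space:]]*/dev/$3([^0-9]|\$)" "$1"; then
        echo "fstab still mounts raw /dev/$3"; return 1
    fi
    if ! grep -Eq '^[[:space:]]*geom_mirror_load="?YES"?' "$2"; then
        echo "loader.conf does not load geom_mirror"; return 2
    fi
    echo "ok"
}

tmp=$(mktemp -d)
cat > "$tmp/fstab" <<'EOF'
# Device        Mountpoint  FStype  Options    Dump  Pass#
/dev/ad0s1b     none        swap    sw         0     0
/dev/ad0s1a     /           ufs     rw         1     1
/dev/ad0s1d     /var        ufs     rw         2     2
/dev/acd0       /cdrom      cd9660  ro,noauto  0     0
EOF
echo 'geom_mirror_load="YES"' > "$tmp/loader.conf"

check_ready "$tmp/fstab" "$tmp/loader.conf" ad0 || echo "(expected before the rewrite)"
rewrite_fstab ad0 mirror/gm0 < "$tmp/fstab" > "$tmp/fstab.new"
check_ready "$tmp/fstab.new" "$tmp/loader.conf" ad0
```

On the server itself, run check_ready against /etc/fstab and /boot/loader.conf after editing and before rebooting.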

If you're anything like me, one of the first things you'll do is install bonnie from ports and test the mirror's I/O. I found a particularly nasty IRQ problem this way, which resulted in 5.5MB/s writes to the mirror. Fixing that brought the performance into the 26MB/s write, 80MB/s read territory since reads are striped from each disk. Quite nice.

Installing ports

After the first boot, cvsup your ports tree and src trees, then install portupgrade. I found very little change to the src tree, but plenty of ports updates. I dislike the prompting in the installer to install ports directly from there -- I'd much rather do it following the first boot, though portupgrade makes life lots easier.

The FreeBSD Kernel

I wanted to run pf as the firewall, since it's the slickest firewall available on any OS. To do this, cd /usr/src/sys/i386/conf and cp GENERIC HOSTNAME, substituting the system's hostname for HOSTNAME. Use the SMP kernel file if it's a multi-CPU system.

Add these lines to the file:


device pf
device pflog
device pfsync
options ALTQ

and recompile the kernel with make buildkernel from the /usr/src directory. Install the kernel with make installkernel, and reboot.

pf

I really really like pf. The tables structure and configuration file syntax bring happiness to my heart, as does the use of variables within the config, as seen in this example:


ext_if="fxp0"
loop="lo0"
table <smtpblock> { 10.0.0.0/8 }
tcp_services = "{ 25, 53, 20, 21, 22, 80, 443, 110, 143, 993, 995 }"
udp_services = "{ 53 }"
block all
pass quick on $loop all
block drop in quick on $ext_if inet proto tcp from <smtpblock> to ($ext_if) port 25
pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services flags S/SA keep state
pass in on $ext_if inet proto udp from any to ($ext_if) port $udp_services
pass out quick on $ext_if inet proto { tcp, udp, icmp } all keep state
antispoof for $loop
antispoof for $ext_if

That's it, a full configuration with a table (no NAT).

Make sure that you have


pf_enable="YES"
pf_rules="/etc/pf.conf"
pf_flags=""

in /etc/rc.conf, and you're all set. Some handy pf commands are:

pfctl -s rules                        Show the current rules
pfctl -sa                             Show the current rules, connection tables, and statistics
pfctl -vvsa                           Show the current rules, connection tables, and statistics, with extra verbosity
pfctl -vvsTable                       Show the currently defined table statistics
pfctl -t smtpblock -T show            Show the entries in table smtpblock
pfctl -t smtpblock -T add -f /tmp/bl  Add a list of IPs from file /tmp/bl to the table
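Because the smtpblock rule drops port 25 traffic from anything in the table, a single bad line in /tmp/bl (such as 0.0.0.0/0) can cut off all inbound mail. The filter below is an added example, not part of the original post: it keeps only well-formed IPv4 hosts and networks, rejects prefixes shorter than an assumed MIN_PREFIX, and removes duplicates; the sample list is constructed and the function name is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post); sample entries are constructed.
# Filters a candidate blocklist before it is handed to
#   pfctl -t smtpblock -T add -f /tmp/bl

MIN_PREFIX=8    # assumption: nothing broader than a /8 is ever blocked

clean_blocklist() {   # usage: clean_blocklist < raw-list > /tmp/bl
    awk -v min="$MIN_PREFIX" '
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }   # strip comments, blanks
        $0 == "" { next }
        {
            n = split($0, part, "/")
            bits = (n == 2) ? part[2] : 32        # bare host means /32
            ok = (n <= 2 && bits ~ /^[0-9]+$/ &&
                  bits + 0 >= min + 0 && bits + 0 <= 32)
            if (ok && split(part[1], o, ".") == 4) {
                for (i = 1; i <= 4; i++)
                    if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) ok = 0
            } else ok = 0
            if (!ok) { print "rejected: " $0 > "/dev/stderr"; next }
            if (!seen[$0]++) print                # drop duplicates
        }'
}

sample='192.0.2.15         # constructed sample entries
198.51.100.0/24
192.0.2.15
0.0.0.0/0
203.0.113.300
mail.example.net
10.0.0.0/8'

# Prints the three accepted entries; rejected lines go to stderr.
printf '%s\n' "$sample" | clean_blocklist
```

On the pf host, write the filtered output to /tmp/bl and load it with the pfctl -T add command above; pfctl -t smtpblock -T show then confirms what was loaded.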

There's much more to pf, and to this build, but it'll have to wait for another entry. I hope to have time to detail more of the migration, including gotchas encountered when moving between versions of common services, system-level changes and so on.

Suffice it to say, the server was rebuilt and put in place in a few hours' time, and I'm sitting back enjoying the knowledge that aside from minor patches, I won't have to touch it again for another few years.

Posted by Paul Venezia on September 6, 2006 11:23 AM

